omniauth-saml 0.9.1 → 0.9.2

data/README.md

@@ -4,6 +4,13 @@ A generic SAML strategy for OmniAuth.
 
 https://github.com/PracticallyGreen/omniauth-saml
 
+## Requirements
+
+* [OmniAuth](http://www.omniauth.org/) 1.0+
+* Ruby 1.9.2
+
+## Usage
+
 Use the SAML strategy as a middleware in your application:
 
 ```ruby
@@ -12,6 +19,7 @@ use OmniAuth::Strategies::SAML,
   :assertion_consumer_service_url => "consumer_service_url",
   :issuer                         => "issuer",
   :idp_sso_target_url             => "idp_sso_target_url",
+  :idp_cert                       => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
   :idp_cert_fingerprint           => "E7:91:B2:E1:...",
   :name_identifier_format         => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 ```
@@ -32,6 +40,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
     :assertion_consumer_service_url => "consumer_service_url",
     :issuer                         => "rails-application",
     :idp_sso_target_url             => "idp_sso_target_url",
+    :idp_cert                       => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
     :idp_cert_fingerprint           => "E7:91:B2:E1:...",
     :name_identifier_format         => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 end
@@ -49,9 +58,13 @@ end
 * `:idp_sso_target_url` - The URL to which the authentication request should be sent.
   This would be on the identity provider. **Required**.
 
-* `:idp_cert_fingerprint` - The certificate fingerprint, e.g. "90:CC:16:F0:8D:...".
-  This is provided from the identity provider when setting up the relationship.
-  Optional.
+* `:idp_cert` - The identity provider's certificate in PEM format. Takes precedence
+  over the fingerprint option below. This option or `:idp_cert_fingerprint` must
+  be present.
+
+* `:idp_cert_fingerprint` - The SHA1 fingerprint of the certificate, e.g.
+  "90:CC:16:F0:8D:...". This is provided from the identity provider when setting up
+  the relationship. This option or `:idp_cert` must be present.
 
 * `:name_identifier_format` - Describes the format of the username required by this
   application. If you need the email address, use "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
@@ -59,15 +72,18 @@ end
   other options. Note that the identity provider might not support all options.
   Optional.
 
+## Authors
+
+Authored by Raecoo Cao, Todd W Saxton, Ryan Wilcox, Rajiv Aaron Manglani, and Steven Anderson.
+
+Maintained by [Rajiv Aaron Manglani](http://www.rajivmanglani.com/).
+
 ## License
 
-Copyright (c) 2011-2012 [Practically Green, Inc.](http://practicallygreen.com/) and [Rajiv Aaron Manglani](http://www.rajivmanglani.com/).  
+Copyright (c) 2011-2012 [Practically Green, Inc.](http://www.practicallygreen.com/).  
 All rights reserved. Released under the MIT license.
 
-Portions Copyright (c) 2007 Sun Microsystems Inc.  
-Portions Copyright (c) 2007 Todd W Saxton.  
-Portions Copyright (c) 2011 Raecoo Cao.  
-Portions Copyright (c) 2011 Ryan Wilcox.
+Portions Copyright (c) 2007 Sun Microsystems Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/omniauth-saml/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module SAML
-    VERSION = "0.9.1"
+    VERSION = "0.9.2"
   end
 end

data/lib/omniauth/strategies/saml.rb

@@ -20,9 +20,11 @@ module OmniAuth
         begin
           response = OmniAuth::Strategies::SAML::AuthResponse.new(request.params['SAMLResponse'])
           response.settings = options
+
           @name_id  = response.name_id
           @attributes = response.attributes
-          return fail!(:invalid_ticket, 'Invalid SAML Ticket') if @name_id.nil? || @name_id.empty?
+
+          return fail!(:invalid_ticket, 'Invalid SAML Ticket') if @name_id.nil? || @name_id.empty? || !response.valid?
           super
         rescue ArgumentError => e
           fail!(:invalid_ticket, 'Invalid SAML Response')

data/lib/omniauth/strategies/saml/auth_request.rb

@@ -35,4 +35,4 @@ module OmniAuth
       end
     end
   end
-end
+end

data/lib/omniauth/strategies/saml/auth_response.rb

@@ -18,7 +18,7 @@ module OmniAuth
           self.document = OmniAuth::Strategies::SAML::XMLSecurity::SignedDocument.new(Base64.decode64(response))
         end
 
-        def is_valid?
+        def valid?
           validate(soft = true)
         end
 
@@ -29,39 +29,33 @@ module OmniAuth
         # The value of the user identifier as designated by the initialization request response
         def name_id
           @name_id ||= begin
-            node = REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
-            node ||=  REXML::XPath.first(document, "/p:Response[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Assertion/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
-            node.nil? ? nil : node.text
+            node = xpath("/p:Response/a:Assertion[@ID='#{signed_element_id}']/a:Subject/a:NameID")
+            node ||=  xpath("/p:Response[@ID='#{signed_element_id}']/a:Assertion/a:Subject/a:NameID")
+            node.nil? ? nil : strip(node.text)
           end
         end
 
         # A hash of all the attributes with the response. Assuming there is only one value for each key
         def attributes
           @attr_statements ||= begin
-            result = {}
-
-            stmt_element = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AttributeStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+            stmt_element = xpath("/p:Response/a:Assertion/a:AttributeStatement")
             return {} if stmt_element.nil?
 
-            stmt_element.elements.each do |attr_element|
-              name  = attr_element.attributes["Name"]
-              value = attr_element.elements.first.text
-
-              result[name] = value
-            end
+            {}.tap do |result|
+              stmt_element.elements.each do |attr_element|
+                name  = attr_element.attributes["Name"]
+                value = strip(attr_element.elements.first.text)
 
-            result.keys.each do |key|
-              result[key.intern] = result[key]
+                result[name] = result[name.to_sym] =  value
+              end
             end
-
-            result
           end
         end
 
         # When this user session should expire at latest
         def session_expires_at
           @expires_at ||= begin
-            node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+            node = xpath("/p:Response/a:Assertion/a:AuthnStatement")
             parse_time(node, "SessionNotOnOrAfter")
           end
         end
@@ -69,7 +63,7 @@ module OmniAuth
         # Conditions (if any) for the assertion to run
         def conditions
           @conditions ||= begin
-            REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
+            xpath("/p:Response/a:Assertion[@ID='#{signed_element_id}']/a:Conditions")
           end
         end
 
@@ -103,7 +97,7 @@ module OmniAuth
 
         def get_fingerprint
           if settings.idp_cert
-            cert = OpenSSL::X509::Certificate.new(settings.idp_cert)
+            cert = OpenSSL::X509::Certificate.new(settings.idp_cert.gsub(/^ +/, ''))
             Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(":")
           else
             settings.idp_cert_fingerprint
@@ -135,7 +129,20 @@ module OmniAuth
           end
         end
 
+        def strip(string)
+          return string unless string
+          string.gsub(/^\s+/, '').gsub(/\s+$/, '')
+        end
+
+        def xpath(path)
+          REXML::XPath.first(document, path, { "p" => PROTOCOL, "a" => ASSERTION })
+        end
+
+        def signed_element_id
+          doc_id = document.signed_element_id
+          doc_id[1, doc_id.size]
+        end
       end
     end
   end
-end
+end

data/lib/omniauth/strategies/saml/xml_security.rb

@@ -123,4 +123,4 @@ module OmniAuth
 
     end
   end
-end
+end

data/spec/omniauth/strategies/saml/auth_request_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::SAML::AuthRequest do
+  describe :create do
+    let(:url) do
+      described_class.new.create(
+        {
+          :idp_sso_target_url => 'example.com',
+          :assertion_consumer_service_url => 'http://example.com/auth/saml/callback',
+          :issuer => 'This is an issuer',
+          :name_identifier_format => 'Some Policy'
+        },
+        {
+          :some_param => 'foo',
+          :some_other => 'bar'
+        }
+      )
+    end
+    let(:saml_request) { url.match(/SAMLRequest=(.*)/)[1] }
+
+    describe "the url" do
+      subject { url }
+
+      it "should contain a SAMLRequest query string param" do
+        subject.should match /^example\.com\?SAMLRequest=/
+      end
+
+      it "should contain any other parameters passed through" do
+        subject.should match /^example\.com\?SAMLRequest=(.*)&some_param=foo&some_other=bar/
+      end
+    end
+
+    describe "the saml request" do
+      subject { saml_request }
+
+      let(:decoded) do
+        cgi_unescaped = CGI.unescape(subject)
+        base64_decoded = Base64.decode64(cgi_unescaped)
+        Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(base64_decoded)
+      end
+
+      let(:xml) { REXML::Document.new(decoded) }
+      let(:root_element) { REXML::XPath.first(xml, '//samlp:AuthnRequest') }
+
+      it "should contain base64 encoded and zlib deflated xml" do
+        decoded.should match /^<samlp:AuthnRequest/
+      end
+
+      it "should contain a uuid with an underscore in front" do
+        UUID.any_instance.stub(:generate).and_return('MY_UUID')
+
+        root_element.attributes['ID'].should == '_MY_UUID'
+      end
+
+      it "should contain the current time as the IssueInstant" do
+        t = Time.now
+        Time.stub(:now).and_return(t)
+
+        root_element.attributes['IssueInstant'].should == t.utc.iso8601
+      end
+
+      it "should contain the callback url in the settings" do
+        root_element.attributes['AssertionConsumerServiceURL'].should == 'http://example.com/auth/saml/callback'
+      end
+
+      it "should contain the issuer" do
+        REXML::XPath.first(xml, '//saml:Issuer').text.should == 'This is an issuer'
+      end
+
+      it "should contain the name identifier format" do
+        REXML::XPath.first(xml, '//samlp:NameIDPolicy').attributes['Format'].should == 'Some Policy'
+      end
+    end
+  end
+end

data/spec/omniauth/strategies/saml/auth_response_spec.rb

@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::SAML::AuthResponse do
+  let(:xml) { :example_response }
+  subject { described_class.new(load_xml(xml)) }
+
+  describe :initialize do
+    context "when the response is nil" do
+      it "should raise an exception" do
+        expect { described_class.new(nil) }.to raise_error ArgumentError
+      end
+    end
+  end
+
+  describe :name_id do
+    it "should load the name id from the assertion" do
+      subject.name_id.should == 'THISISANAMEID'
+    end
+
+    context "when the response contains the signed_element_id" do
+      let(:xml) { :response_contains_signed_element }
+
+      it "should load the name id from the assertion" do
+        subject.name_id.should == 'THISISANAMEID'
+      end
+    end
+  end
+
+  describe :attributes do
+    it "should return all of the attributes as a hash" do
+      subject.attributes.should == {
+        :forename => 'Steven',
+        :surname => 'Anderson',
+        :address_1 => '24 Made Up Drive',
+        :address_2 => nil,
+        :companyName => 'Test Company Ltd',
+        :postcode => 'XX2 4XX',
+        :city => 'Newcastle',
+        :country => 'United Kingdom',
+        :userEmailID => 'steve@example.com',
+        :county => 'TYNESIDE',
+        :versionID => '1',
+        :bundleID => '1',
+
+        'forename' => 'Steven',
+        'surname' => 'Anderson',
+        'address_1' => '24 Made Up Drive',
+        'address_2' => nil,
+        'companyName' => 'Test Company Ltd',
+        'postcode' => 'XX2 4XX',
+        'city' => 'Newcastle',
+        'country' => 'United Kingdom',
+        'userEmailID' => 'steve@example.com',
+        'county' => 'TYNESIDE',
+        'versionID' => '1',
+        'bundleID' => '1'
+      }
+    end
+
+    context "when no attributes exist in the XML" do
+      let(:xml) { :no_attributes }
+
+      it "should return an empty hash" do
+        subject.attributes.should == {}
+      end
+    end
+  end
+
+  describe :session_expires_at do
+    it "should return the SessionNotOnOrAfter as a Ruby date" do
+      subject.session_expires_at.to_i.should == Time.new(2012, 04, 8, 12, 0, 24, 0).to_i
+    end
+  end
+
+  describe :conditions do
+    it "should return the conditions element from the XML" do
+      subject.conditions.attributes['NotOnOrAfter'].should == '2012-03-08T16:30:01.336Z'
+      subject.conditions.attributes['NotBefore'].should    == '2012-03-08T16:20:01.336Z'
+      REXML::XPath.first(subject.conditions, '//saml:Audience').text.should include 'AUDIENCE'
+    end
+  end
+
+  describe :valid? do
+    it_should_behave_like 'a validating method', true
+  end
+
+  describe :validate! do
+    it_should_behave_like 'a validating method', false
+  end
+end

data/spec/omniauth/strategies/saml/validation_error_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::SAML::ValidationError do
+  it { should be_a Exception }
+end

data/spec/omniauth/strategies/saml_spec.rb

@@ -1,18 +1,29 @@
-require File.expand_path('../../../spec_helper', __FILE__)
+require 'spec_helper'
 
-describe OmniAuth::Strategies::SAML, :type => :strategy do
+RSpec::Matchers.define :fail_with do |message|
+  match do |actual|
+    actual.redirect? && actual.location == "/auth/failure?message=#{message}"
+  end
+end
+
+def post_xml(xml=:example_response)
+  post "/auth/saml/callback", {'SAMLResponse' => load_xml(xml)}
+end
 
+describe OmniAuth::Strategies::SAML, :type => :strategy do
   include OmniAuth::Test::StrategyTestCase
 
-  def strategy
-    [OmniAuth::Strategies::SAML, {
-      :assertion_consumer_service_url => "http://consumer.service.url/auth/saml/callback",
+  let(:auth_hash){ last_request.env['omniauth.auth'] }
+  let(:saml_options) do
+    {
+      :assertion_consumer_service_url => "http://localhost:3000/auth/saml/callback",
       :issuer                         => "https://saml.issuer.url/issuers/29490",
       :idp_sso_target_url             => "https://idp.sso.target_url/signon/29490",
-      :idp_cert_fingerprint           => "E7:91:B2:E1:4C:65:2C:49:F3:33:74:0A:58:5A:7E:55:F7:15:7A:33",
+      :idp_cert_fingerprint           => "E6:87:89:FB:F2:5F:CD:B0:31:32:7E:05:44:84:53:B1:EC:4E:3F:FA",
       :name_identifier_format         => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-    }]
+    }
   end
+  let(:strategy) { [OmniAuth::Strategies::SAML, saml_options] }
 
   describe 'GET /auth/saml' do
     before do
@@ -25,13 +36,98 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
   end
 
   describe 'POST /auth/saml/callback' do
+    subject { last_response }
 
-    it 'should raise ArgumentError exception without the SAMLResponse parameter' do
-      post '/auth/saml/callback'
-      last_response.should be_redirect
-      last_response.location.should == '/auth/failure?message=invalid_ticket'
+    let(:xml) { :example_response }
+
+    before :each do
+      Time.stub(:now).and_return(Time.new(2012, 3, 8, 16, 25, 00, 0))
     end
 
-  end
+    context "when the response is valid" do
+      before :each do
+        post_xml
+      end
 
+      it "should set the uid to the nameID in the SAML response" do
+        auth_hash['uid'].should == 'THISISANAMEID'
+      end
+
+      it "should set the raw info to all attributes" do
+        auth_hash['extra']['raw_info'].to_hash.should == {
+          'forename' => 'Steven',
+          'surname' => 'Anderson',
+          'address_1' => '24 Made Up Drive',
+          'address_2' => nil,
+          'companyName' => 'Test Company Ltd',
+          'postcode' => 'XX2 4XX',
+          'city' => 'Newcastle',
+          'country' => 'United Kingdom',
+          'userEmailID' => 'steve@example.com',
+          'county' => 'TYNESIDE',
+          'versionID' => '1',
+          'bundleID' => '1'
+        }
+      end
+    end
+
+    context "when there is no SAMLResponse parameter" do
+      before :each do
+        post '/auth/saml/callback'
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when there is no name id in the XML" do
+      before :each do
+        post_xml :no_name_id
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the fingerprint is invalid" do
+      before :each do
+        saml_options[:idp_cert_fingerprint] = "E6:87:89:FB:F2:5F:CD:B0:31:32:7E:05:44:84:53:B1:EC:4E:3F:FB"
+        post_xml
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the digest is invalid" do
+      before :each do
+        post_xml :digest_mismatch
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the signature is invalid" do
+      before :each do
+        post_xml :invalid_signature
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the time is before the NotBefore date" do
+      before :each do
+        Time.stub(:now).and_return(Time.new(2000, 3, 8, 16, 25, 00, 0))
+        post_xml
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the time is after the NotOnOrAfter date" do
+      before :each do
+        Time.stub(:now).and_return(Time.new(3000, 3, 8, 16, 25, 00, 0))
+        post_xml
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+  end
 end

data/spec/shared/validating_method.rb

@@ -0,0 +1,129 @@
+def assert_is_valid(soft)
+  if soft
+    it { should be_valid }
+  else
+    it "should be valid" do
+      expect { subject.validate! }.not_to raise_error
+    end
+  end
+end
+
+def assert_is_not_valid(soft)
+  if soft
+    it { should_not be_valid }
+  else
+    it "should be invalid" do
+      expect { subject.validate! }.to raise_error
+    end
+  end
+end
+
+def stub_validate_to_fail(soft)
+  if soft
+    subject.document.stub(:validate).and_return(false)
+  else
+    subject.document.stub(:validate).and_raise(Exception)
+  end
+end
+
+shared_examples_for 'a validating method' do |soft|
+  before :each do
+    subject.settings = mock(Object, :idp_cert_fingerprint => 'FINGERPRINT', :idp_cert => nil)
+    subject.document.stub(:validate).and_return(true)
+  end
+
+  context "when the response is empty" do
+    subject { described_class.new('') }
+
+    assert_is_not_valid(soft)
+  end
+
+  context "when the settings are nil" do
+    before :each do
+      subject.settings = nil
+    end
+
+    assert_is_not_valid(soft)
+  end
+
+  context "when there is no idp_cert_fingerprint and idp_cert" do
+    before :each do
+      subject.settings = mock(Object, :idp_cert_fingerprint => nil, :idp_cert => nil)
+    end
+
+    assert_is_not_valid(soft)
+  end
+
+  context "when conditions are not given" do
+    let(:xml) { :no_conditions }
+
+    assert_is_valid(soft)
+  end
+
+  context "when the current time is before the NotBefore time" do
+    before :each do
+      Time.stub(:now).and_return(Time.new(2000, 01, 01, 10, 00, 00, 0))
+    end
+
+    assert_is_not_valid(soft)
+  end
+
+  context "when the current time is after the NotOnOrAfter time" do
+    before :each do
+      # We're assuming here that this code will be out of use in 1000 years...
+      Time.stub(:now).and_return(Time.new(3012, 01, 01, 10, 00, 00, 0))
+    end
+
+    assert_is_not_valid(soft)
+  end
+
+  context "when the current time is between the NotBefore and NotOnOrAfter times" do
+    before :each do
+      Time.stub(:now).and_return(Time.new(2012, 3, 8, 16, 25, 00, 0))
+    end
+
+    assert_is_valid(soft)
+  end
+
+  context "when skip_conditions option is given" do
+    before :each do
+      subject.options[:skip_conditions] = true
+    end
+
+    assert_is_valid(soft)
+  end
+
+  context "when the SAML document is valid" do
+    before :each do
+      subject.document.should_receive(:validate).with('FINGERPRINT', soft).and_return(true)
+      subject.options[:skip_conditions] = true
+    end
+
+    assert_is_valid(soft)
+  end
+
+  context "when the SAML document is valid and the idp_cert is given" do
+    let(:cert) do
+      filename = File.expand_path(File.join('..', '..', 'support', "example_cert.pem"), __FILE__)
+      IO.read(filename)
+    end
+    let(:expected) { 'E6:87:89:FB:F2:5F:CD:B0:31:32:7E:05:44:84:53:B1:EC:4E:3F:FA' }
+
+    before :each do
+      subject.settings.stub(:idp_cert).and_return(cert)
+      subject.document.should_receive(:validate).with(expected, soft).and_return(true)
+      subject.options[:skip_conditions] = true
+    end
+
+    assert_is_valid(soft)
+  end
+
+  context "when the SAML document is invalid" do
+    before :each do
+      stub_validate_to_fail(soft)
+      subject.options[:skip_conditions] = true
+    end
+
+    assert_is_not_valid(soft)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+require 'simplecov'
+SimpleCov.start
+
+require 'omniauth-saml'
+require 'rack/test'
+require 'rexml/document'
+require 'rexml/xpath'
+require 'base64'
+require File.expand_path('../shared/validating_method.rb', __FILE__)
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+end
+
+def load_xml(filename=:example_response)
+  filename = File.expand_path(File.join('..', 'support', "#{filename.to_s}.xml"), __FILE__)
+  Base64.encode64(IO.read(filename))
+end

metadata

@@ -1,83 +1,113 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: omniauth-saml
-version: !ruby/object:Gem::Version 
-  hash: 57
+version: !ruby/object:Gem::Version
+  version: 0.9.2
   prerelease: 
-  segments: 
-  - 0
-  - 9
-  - 1
-  version: 0.9.1
 platform: ruby
-authors: 
+authors:
 - Raecoo Cao
 - Ryan Wilcox
 - Rajiv Aaron Manglani
+- Steven Anderson
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-02-23 00:00:00 -05:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-03-30 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: omniauth
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &70159259960020 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 1
-        - 0
-        version: "1.0"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: XMLCanonicalizer
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *70159259960020
+- !ruby/object:Gem::Dependency
+  name: xmlcanonicalizer
+  requirement: &70159259959000 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 21
-        segments: 
-        - 1
-        - 0
-        - 1
-        version: 1.0.1
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 0.1.1
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: uuid
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *70159259959000
+- !ruby/object:Gem::Dependency
+  name: uuid
+  requirement: &70159259958260 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 2
-        - 3
-        version: "2.3"
+      - !ruby/object:Gem::Version
+        version: '2.3'
   type: :runtime
-  version_requirements: *id003
+  prerelease: false
+  version_requirements: *70159259958260
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: &70159259957340 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :development
+  prerelease: false
+  version_requirements: *70159259957340
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: &70159259956340 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: *70159259956340
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70159259955720 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :development
+  prerelease: false
+  version_requirements: *70159259955720
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: &70159259954920 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+  type: :development
+  prerelease: false
+  version_requirements: *70159259954920
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &70159259954240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - =
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+  type: :development
+  prerelease: false
+  version_requirements: *70159259954240
 description: A generic SAML strategy for OmniAuth.
-email: 
-- raecoo@gmail.com
-- rwilcox@wilcoxd.com
-- rajiv@alum.mit.edu
+email: rajiv@alum.mit.edu
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - README.md
 - lib/omniauth/strategies/saml/auth_request.rb
 - lib/omniauth/strategies/saml/auth_response.rb
@@ -86,40 +116,40 @@ files:
 - lib/omniauth/strategies/saml.rb
 - lib/omniauth-saml/version.rb
 - lib/omniauth-saml.rb
+- spec/omniauth/strategies/saml/auth_request_spec.rb
+- spec/omniauth/strategies/saml/auth_response_spec.rb
+- spec/omniauth/strategies/saml/validation_error_spec.rb
 - spec/omniauth/strategies/saml_spec.rb
-has_rdoc: true
+- spec/shared/validating_method.rb
+- spec/spec_helper.rb
 homepage: https://github.com/PracticallyGreen/omniauth-saml
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.6.2
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: A generic SAML strategy for OmniAuth.
-test_files: 
+test_files:
+- spec/omniauth/strategies/saml/auth_request_spec.rb
+- spec/omniauth/strategies/saml/auth_response_spec.rb
+- spec/omniauth/strategies/saml/validation_error_spec.rb
 - spec/omniauth/strategies/saml_spec.rb
+- spec/shared/validating_method.rb
+- spec/spec_helper.rb